公开(公告)号：US20180121125A1

公开(公告)日：2018-05-03

申请号：US15340895

申请日：2016-11-01

Applicant: QUALCOMM Incorporated

Inventor： Thomas Zeng ,  Azzedine Touzni

IPC: G06F3/06 ,  G06F12/1027

CPC classification number: G06F3/0637 ,  G06F3/0622 ,  G06F3/0659 ,  G06F3/0679 ,  G06F12/1027 ,  G06F21/53 ,  G06F21/78 ,  G06F2212/50 ,  G06F2212/68 ,  H04L63/02

Abstract: In an aspect, an apparatus obtains, at one or more hardware configuration interfaces, a physical page number associated with a secure resource, a domain identifier, and at least one memory attribute. The one or more hardware configuration interfaces may be in communication with a resource protection unit that manages access to the secure resource. The apparatus configures, by the one or more hardware configuration interfaces, a page table entry in a page table maintained at the resource protection unit, where the page table entry is configured to include the physical page number associated with the secure resource, the domain identifier, and the at least one memory attribute. The resource protection unit processes a resource access transaction when an access permission for the resource access transaction is determined in the page table.

公开(公告)号：US09910799B2

公开(公告)日：2018-03-06

申请号：US15089814

申请日：2016-04-04

Applicant: QUALCOMM Incorporated

Inventor： Christophe Avoinne ,  Jason Edward Podaima ,  Manokanthan Somasundaram ,  Bohuslav Rychlik ,  Thomas Zeng ,  Jaya Subramaniam Ganasan ,  Kun Xu

IPC: G06F13/00 ,  G06F13/28 ,  G06F12/08 ,  G06F15/173 ,  G06F9/50 ,  G06F9/54 ,  G06F9/455

CPC classification number: G06F13/28 ,  G06F9/5016 ,  G06F9/5077 ,  G06F9/546 ,  G06F12/08 ,  G06F15/17318 ,  G06F2009/45583 ,  G06F2212/657

Abstract: Aspects include computing devices, apparatus, and methods for accelerating distributive virtual memory (DVM) message processing in a computing device. DVM message interceptors may be positioned in various locations within a DVM network of a computing device so that DVM messages may be intercepted before reaching certain DVM destinations. A DVM message interceptor may receive a broadcast DVM message from first DVM source. The DVM message interceptor may determine whether a preemptive DVM message response should be returned to the DVM source on behalf of the DVM destination. When certain criteria are met, the DVM message interceptor may generate a preemptive DVM message response to the broadcast DVM message, and send the preemptive DVM message response to the DVM source.

公开(公告)号：US20180024944A1

公开(公告)日：2018-01-25

申请号：US15217728

申请日：2016-07-22

Applicant: QUALCOMM Incorporated

Inventor： Thomas Zeng ,  Azzedine Touzni ,  Mitchel Humpherys

IPC: G06F12/14 ,  G06F12/1009

CPC classification number: G06F12/1483 ,  G06F12/1009 ,  G06F12/1416 ,  G06F12/145 ,  G06F12/1475 ,  G06F2212/1052 ,  G06F2212/152

Abstract: Disclosed are methods and apparatus for memory management in shared virtual memory (SVM) systems. The methods and apparatus provide SVM access control on a per master basis through the assignment of a first classification identifier (ID) upon reception of a memory access request from a memory master. The assigned first classification ID assigned to the memory request is compared with a second classification ID stored in at least one page table entry of a page table used to manage the SVM system. The page table entry (PTE) corresponds to one or more memory locations of the SVM being requested in the memory access request. SVM system access operations for the memory access request are then denied if the first classification ID does not match the second classification ID, thereby providing added per master access control for the SVM system.

公开(公告)号：US20170286335A1

公开(公告)日：2017-10-05

申请号：US15089814

申请日：2016-04-04

Applicant: QUALCOMM Incorporated

Inventor： Christophe Avoinne ,  Jason Edward Podaima ,  Manokanthan Somasundaram ,  Bohuslav Rychlik ,  Thomas Zeng ,  Jaya Subramaniam Ganasan ,  Kun Xu

IPC: G06F13/28 ,  G06F12/08

CPC classification number: G06F13/28 ,  G06F9/5016 ,  G06F9/5077 ,  G06F9/546 ,  G06F12/08 ,  G06F15/17318 ,  G06F2009/45583 ,  G06F2212/657

Abstract: Aspects include computing devices, apparatus, and methods for accelerating distributive virtual memory (DVM) message processing in a computing device. DVM message interceptors may be positioned in various locations within a DVM network of a computing device so that DVM messages may be intercepted before reaching certain DVM destinations. A DVM message interceptor may receive a broadcast DVM message from first DVM source. The DVM message interceptor may determine whether a preemptive DVM message response should be returned to the DVM source on behalf of the DVM destination. When certain criteria are met, the DVM message interceptor may generate a preemptive DVM message response to the broadcast DVM message, and send the preemptive DVM message response to the DVM source.

公开(公告)号：US20170286314A1

公开(公告)日：2017-10-05

申请号：US15084886

申请日：2016-03-30

Applicant: QUALCOMM Incorporated

Inventor： Assaf Shacham ,  Shaul Yohai Yifrach ,  Thomas Zeng

IPC: G06F12/10 ,  G06F3/06

CPC classification number: G06F12/1027 ,  G06F3/0619 ,  G06F3/064 ,  G06F3/0659 ,  G06F3/0673 ,  G06F12/0891 ,  G06F12/1081 ,  G06F13/28 ,  G06F2212/1024 ,  G06F2212/1028 ,  G06F2212/683 ,  Y02D10/13

Abstract: Hardware-based translation lookaside buffer (TLB) invalidation techniques are disclosed. A host system is configured to exchange data with a peripheral component interconnect express (PCIe) endpoint (EP). A memory management unit (MMU), which is a hardware element, is included in the host system to provide address translation according to at least one TLB. In one aspect, the MMU is configured to invalidate the at least one TLB in response to receiving at least one TLB invalidation command from the PCIe EP. In another aspect, the PCIe EP is configured to determine that the at least one TLB needs to be invalidated and provide the TLB invalidation command to invalidate the at least one TLB. By implementing hardware-based TLB invalidation in the host system, it is possible to reduce TLB invalidation delay, thus leading to increased data throughput, reduced power consumption, and improved user experience.

公开(公告)号：US10725932B2

公开(公告)日：2020-07-28

申请号：US16204965

申请日：2018-11-29

Applicant: QUALCOMM INCORPORATED

Inventor： Thomas Zeng ,  Samar Asbe ,  Adam Openshaw

IPC: G06F12/00 ,  G06F12/1027 ,  G06F9/455

Abstract: Systems, methods, and computer programs are disclosed for optimizing headless virtual memory management in a system on chip (SoC) with global translation lookaside buffer shootdown. The SoC comprises an application processor configured to execute a headful virtual machine and one or more SoC processing devices configured to execute a corresponding headless virtual machine. The method comprises issuing a virtual machine mapping command with a headless virtual machine having a first virtual machine identifier. In response to the virtual machine mapping command, a current value stored in a hardware register in the application processor is saved. The first virtual machine identifier associated with the headless virtual machine is loaded into the hardware register. A translation lookaside buffer (TLB) invalidate command is issued while the first virtual machine identifier is loaded in the hardware register. Upon completion of translation lookaside buffer synchronization, the current value is restored to the hardware register.

公开(公告)号：US10310882B2

公开(公告)日：2019-06-04

申请号：US15172529

申请日：2016-06-03

Applicant: QUALCOMM Incorporated

Inventor： Thomas Zeng ,  Azzedine Touzni ,  Philip Mueller, Jr. ,  Piyush Patel

IPC: G06F9/455 ,  G06F9/50 ,  G06F12/10 ,  G06F12/14 ,  G06F12/1009 ,  G06F12/1027 ,  G06F21/44 ,  G06F21/53

Abstract: In the various aspects, virtualization techniques may be used to improve performance and reduce the amount of power consumed by selectively enabling a hypervisor operating on a computing device during sandbox sessions. In the various aspects, a high-level operating system may allocate memory such that its intermediate physical addresses are equal to the physical addresses. When the hypervisor is disabled, the hypervisor may suspend second stage translations from intermediate physical addresses to physical addresses. During a sandbox session, the hypervisor may be enabled and resume performing second stage translations.

公开(公告)号：US20180129828A1

公开(公告)日：2018-05-10

申请号：US15344384

申请日：2016-11-04

Applicant: QUALCOMM Incorporated

Inventor： Thomas Zeng ,  Azzedine Touzni ,  Brian Kelley

IPC: G06F21/71 ,  G06F21/53 ,  G06F21/78

CPC classification number: G06F21/71 ,  G06F21/53 ,  G06F21/74 ,  G06F21/78 ,  G06F21/79 ,  G06F2221/2149

Abstract: Exemplary features pertain to establishing an Exclusive Execution Environment domain that Trusted Execution Zone components are forbidden to access. In one example, a system-on-a-chip (SoC) is equipped with a Reduced Instruction Set Computing (RISC) processor along with an application DSP (ADSP) and/or Graphics Processing Unit (GPU), where the ADSP and/or GPU is configured to provide and enforce the Exclusive Execution Environment domain. By forbidding access to Trusted Execution Zone components, security can be enhanced, especially within minimally-equipped devices that do not have the resources to implement a full Trust Execution Environment, such as low-power devices associated with the Internet of Things (IoT). Among other features, the systems and methods described herein allow application clients to build exclusive execution environments and claim exclusive access to buffer objects and hardware resource groups. Method and apparatus examples are provided.

公开(公告)号：US20170031838A1

公开(公告)日：2017-02-02

申请号：US14811296

申请日：2015-07-28

Applicant: QUALCOMM Incorporated

Inventor： Satyaki Mukherjee ,  Subodh Singh ,  Ajaykumar Shankargouda Patil ,  Thomas Zeng ,  Azzedine Touzni

IPC: G06F12/14 ,  G06F9/455

CPC classification number: G06F12/1441 ,  G06F9/45558 ,  G06F12/1009 ,  G06F21/53 ,  G06F21/85 ,  G06F2009/45587 ,  G06F2212/1016 ,  G06F2212/1052 ,  G06F2212/657

Abstract: Disclosed is a method for protecting virtual machine data at a peripheral subsystem connected to at least one processor configured to host a plurality of virtual machines. In the method, context information, including a virtual machine identifier (VMID), is received. The VMID is unique to one of the plurality of virtual machines. A storage bank of a plurality of storage banks is selected based on the VMID included in the received context information. Each storage bank of the plurality of storage banks uses a same bus address range. A data bus is connected to the selected storage bank.

Abstract translation: 公开了一种用于在与被配置为托管多个虚拟机的至少一个处理器连接的外围子系统上保护虚拟机数据的方法。 在该方法中，接收包括虚拟机标识符（VMID）的上下文信息。 VMID对于多个虚拟机之一是唯一的。 基于接收到的上下文信息中包含的VMID来选择多个存储体的存储体。 多个存储组的每个存储体使用相同的总线地址范围。 数据总线连接到选定的存储库。

公开(公告)号：US09507961B2

公开(公告)日：2016-11-29

申请号：US14014032

申请日：2013-08-29

Applicant: Qualcomm Incorporated

Inventor： Thomas Zeng ,  Azzedine Touzni ,  William Torzewski

IPC: G06F21/74 ,  G06F21/71 ,  G06T1/20

CPC classification number: G06F21/71 ,  G06F21/74 ,  G06F2221/2113 ,  G06T1/20

Abstract: Systems, methods, and computer programs are disclosed for providing secure access control to a graphics processing unit (GPU). One system includes a GPU, a plurality GPU programming interfaces, and a command processor. Each GPU programming interface is dynamically assigned to a different one of a plurality of security zones. Each GPU programming interface is configured to receive work orders issued by one or more applications associated with the corresponding security zone. The work orders comprise instructions to be executed by the GPU. The command processor is in communication with the plurality of GPU programming interfaces. The command processor is configured to control execution of the work orders received by the plurality of GPU programming interfaces using separate secure memory regions. Each secure memory region is allocated to one of the plurality of security zones.

Abstract translation: 公开了用于向图形处理单元（GPU）提供安全访问控制的系统，方法和计算机程序。 一个系统包括GPU，多个GPU编程接口和命令处理器。 每个GPU编程接口被动态分配给多个安全区中的不同的一个。 每个GPU编程接口被配置为接收由与相应安全区相关联的一个或多个应用发出的工作命令。 工作单包括由GPU执行的指令。 命令处理器与多个GPU编程接口通信。 命令处理器被配置为使用单独的安全存储器区域来控制由多个GPU编程接口接收的工作订单的执行。 每个安全存储器区域被分配给多个安全区域中的一个。